Using the Command-Line Interface

Configuration Tasks

Type of Memory

Platforms

CLI Command Modes

User EXEC Mode

Privileged EXEC Mode

VLAN Database Mode

Global Configuration Mode

Interface Configuration Mode

Line Configuration Mode

Command Summary

Using the Command-Line Interface

The 2900 XL switches and 3500 XL switches are supported by Cisco IOS software. These switches currently support Cisco IOS Release 11.2(8)SA6. This chapter describes how to use the switch command-line interface (CLI) to configure features added for the switch. For a complete description of the commands that support these features, see "Cisco IOS Commands." For more information on Cisco IOS Release 11.2(8), refer to the Cisco IOS Release 11.2 Command Summary.

The switches are preconfigured and begin forwarding packets as soon as they are attached to compatible devices.

All ports belong by default to virtual LAN (VLAN) 1. Access to the switch itself is also through VLAN 1. For management purposes, only devices connected to ports assigned to VLAN 1 can communicate with the switch. This applies to Telnet, web-based management, and SNMP.

Note This manual describes commands used in the standard and Enterprise Edition Software packages. Commands and features that are available only in the Enterprise Edition Software are identified; otherwise, the command and feature is supported in both the standard and Enterprise Edition Software.

Configuration Tasks

You can perform the following configuration tasks on your 2900 XL switches or 3500 XL switches:

Assigning IP information to the switch
Setting port features, including creating Fast EtherChannel and Gigabit EtherChannel port groups
Managing the switch MAC-address table
Enabling the Spanning-Tree Protocol (STP) Port Fast feature
Enabling the Cisco Group Management Protocol (CGMP) Fast Leave feature
Assigning ports for static-access VLAN membership
Assigning ports for multi-VLAN membership
Configuring a command switch
Building a cluster
Configuring Network Time Protocol (NTP)

Using the Enterprise Edition Software, you can complete the following configuration tasks:

Authenticating user access
Configuring a method for an accelerated backup root port
Configuring VLAN Trunk Protocol (VTP)
Adding a VLAN to the database
Modifying a VLAN in the database
Removing a VLAN from the database
Configuring a VLAN trunk
Assigning ports for dynamic VLAN membership

For detailed information about completing these tasks, see the Cisco IOS Desktop Switching Configuration Guide and Cisco IOS Desktop Switching Enterprise Edition Software Configuration Guide.

Type of Memory

The switch Flash memory stores the Cisco IOS software image, the startup configuration file, and helper files.

Platforms

Cisco IOS Release 11.2(8)SA6-A (standard edition software) and SA6-EN (Enterprise Edition Software) run on a variety of 3500 XL and 2900 XL switches and modules. For a complete list, see the Release Notes for Catalyst 2900 Series XL and Catalyst 3500 Series XL Cisco IOS Release 11.2(8)SA6.

CLI Command Modes

This section describes the CLI command mode structure. Command modes support specific Cisco IOS commands. For example, the interface type_number command works only when entered in global configuration mode. The Cisco IOS command modes are as follows:

User EXEC mode
Privileged EXEC mode
VLAN database mode
Global configuration mode
Interface configuration mode
Line configuration mode

Table 1-1 lists the command modes, how to access each mode, the prompt you will see in that mode, and how to exit that mode. The prompts listed assume the default names Switch and ATM.

Table 1-1: Command Modes Summary
Command Mode Access Method Prompt Exit or Access Next Mode

User EXEC

This is the first level of access.

(For the switch) Change terminal settings, perform basic tasks, and list system information.

(For ATM) Begin a session with the ATM module.

Switch> ATM>
Enter the logout command.

Privileged EXEC

From user EXEC mode, enter the enable user EXEC command.

Switch# ATM#
To exit to user EXEC mode, enter the disable command.

To enter global configuration mode, enter the configure command.

VLAN database

From user EXEC mode, enter the vlan database command.

Switch(vlan)#
To exit to user EXEC mode, enter the exit command.

Global configuration

From privileged EXEC mode, enter the configure privileged EXEC command.

Switch (config)# ATM (config)#
To exit to privileged EXEC mode, enter the exit or end command, or press Ctrl-Z.

To exit to global configuration mode, enter the end command.

To enter interface configuration mode, enter the interface configuration command.

Interface configuration

From global configuration mode, specify an interface by entering the interface command.

Switch (config-if)# ATM (config-if)#
To exit to privileged EXEC mode, enter the exit command, or press Ctrl-Z.

To enter subinterface configuration mode, specify a subinterface with the interface command. On the ATM module, the LANE client is considered a subinterface.

Line configuration

From global configuration mode, specify a line by entering the line command.

Switch (config-line)# ATM (config-line)#
To exit to interface configuration mode, enter the end command.

To exit to global configuration mode, enter the exit command.

To return to privileged EXEC mode, enter the end command, or press Ctrl-Z.

Table 1-1: **Command Modes Summary**
Command Mode	Access Method	Prompt	Exit or Access Next Mode
User EXEC	This is the first level of access. (For the switch) Change terminal settings, perform basic tasks, and list system information. (For ATM) Begin a session with the ATM module.	Switch> ATM>	Enter the logout command.
Privileged EXEC	From user EXEC mode, enter the enable user EXEC command.	Switch# ATM#	To exit to user EXEC mode, enter the disable command. To enter global configuration mode, enter the configure command.
VLAN database	From user EXEC mode, enter the vlan database command.	Switch(vlan)#	To exit to user EXEC mode, enter the exit command.
Global configuration	From privileged EXEC mode, enter the configure privileged EXEC command.	Switch (config)# ATM (config)#	To exit to privileged EXEC mode, enter the exit or end command, or press Ctrl-Z. To exit to global configuration mode, enter the end command. To enter interface configuration mode, enter the interface configuration command.
Interface configuration	From global configuration mode, specify an interface by entering the interface command.	Switch (config-if)# ATM (config-if)#	To exit to privileged EXEC mode, enter the exit command, or press Ctrl-Z. To enter subinterface configuration mode, specify a subinterface with the interface command. On the ATM module, the LANE client is considered a subinterface.
Line configuration	From global configuration mode, specify a line by entering the line command.	Switch (config-line)# ATM (config-line)#	To exit to interface configuration mode, enter the end command. To exit to global configuration mode, enter the exit command. To return to privileged EXEC mode, enter the end command, or press Ctrl-Z.

User EXEC Mode

After you access the device, you are automatically in user EXEC command mode. The EXEC commands available at the user level are a subset of those available at the privileged level. In general, the user EXEC commands allow you to change terminal settings temporarily, perform basic tests, and list system information.

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch> ? 
 
ATM> ?

Privileged EXEC Mode

Because many of the privileged commands configure operating parameters, privileged access should be password-protected to prevent unauthorized use. The privileged command set includes those commands contained in user EXEC mode, as well as the configure command through which you access the remaining command modes.

If your system administrator has set a password, you are prompted to enter it before being granted access to privileged EXEC mode. The password is not displayed on the screen and is case sensitive.

The privileged EXEC mode prompt consists of the device name followed by the pound sign (#).

Switch# 

ATM#

Enter the enable command to access privileged EXEC mode:

Switch> enable 
Switch# 
 
ATM> enable 
ATM#

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch# ? 
 
ATM# ?

To return to user EXEC mode, enter the disable command.

VLAN Database Mode

This command mode is available only in the Enterprise Edition Software. The VLAN database commands allow you to modify VLAN parameters. Enter the vlan database command to access VLAN database mode:

Switch> vlan database
 
Switch(vlan)#

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch(vlan)# ?

To return to user EXEC mode, enter the abort command.

Global Configuration Mode

Global configuration commands apply to features that affect the device as a whole. Use the configure privileged EXEC command to enter global configuration mode. The default is to enter commands from the management console.

When you enter the configure command, the console prompts you for the source of the configuration commands:

Switch# configure 
Configuring from terminal, memory, or network [terminal]?
 
ATM# configure 
Configuring from terminal, memory, or network [terminal]?

You can specify either the terminal or NVRAM as the source of configuration commands.

The following example shows you how to access global configuration mode:

Switch# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z. 
 
ATM# configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch(config)# ? 
Switch(config)# 

ATM(config)# ? 
ATM(config)#

To exit global configuration command mode and return to privileged EXEC mode, enter the end or exit command, or press Ctrl-Z.

Interface Configuration Mode

Interface configuration commands modify the operation of the interface. Interface configuration commands always follow a global configuration command, which defines the interface type.

Use the interface type_number.subif command to access interface configuration mode. The new prompt indicates interface configuration mode.

Switch(config-if)#

ATM(config-if)#

In one of the following examples, ATM interface 1 is about to be configured.

Note The interface number for Slot A is 1, and the interface number for Slot B is 2.

The following examples show you how to access interface configuration mode by using the int command:

Switch(config-subif)# int FastEthernet 0/1
 
ATM(config-subif)# int atm1.1 multipoint

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch(config-subif)# ? 
Switch(config-if)# 
 
ATM(config-subif)# ? 
ATM(config-if)#

To exit interface configuration mode and return to global configuration mode, enter the exit command. To exit interface configuration mode and return to privileged EXEC mode, enter the end command, or press Ctrl-Z.

Line Configuration Mode

Line configuration commands modify the operation of a terminal line. Line configuration commands always follow a line command, which defines a line number. These commands are used to change terminal parameter settings line-by-line or for a range of lines.

Use the line vty line_number [ending_line_number] command to enter line configuration mode. The new prompt indicates line configuration mode. The following examples shows how to enter line configuration mode for virtual terminal line 7:

Switch(config)# line vty 0 7 
 
ATM(config)# line vty 0 7

The supported commands can vary depending on the version of IOS software in use. To view a comprehensive list of commands, enter a question mark (?) at the prompt.

Switch(config-line)# ? 
 
ATM(config-line)# ?

To exit line configuration mode and return to global configuration mode, use the exit command. To exit line configuration mode and return to privileged EXEC mode, enter the end command, or press Ctrl-Z.

Command Summary

Table 1-2 lists and describes the Cisco IOS commands for the Catalyst 2900 XL and Catalyst 3500 XL switches. Table 1-1 The commands are sorted by the command modes from which they are entered.

Table 1-2: Command Summary
Commands Description

User EXEC mode

clear mac-address-table

Deletes all addresses in the MAC address table.

show cluster

Shows a summary of the cluster to which the switch belongs.

show cluster candidates

Shows switches that are not currently members of the cluster but could be.

show cluster members

Shows all members in a cluster

show cluster view

Shows a view of neighbors in a cluster.

show ntp associations

Shows the status of NTP associations

show ntp status

Shows the status of NTP.

show spanning-tree

Displays Spanning-Tree Protocol (STP) information.

show vlan

Displays information about a VLAN.

show version

Show the firmware version for the switch or module.

show vtp

Displays general information about the VTP management domain, status, and counters.

Privileged EXEC mode

clear cgmp

Deletes the multicast addresses and router ports maintained by Cisco Group Management Protocol (CGMP).

clear ip address

Deletes the IP address without disabling the IP processing.

clear mac-address-table

Deletes all addresses in the MAC address table.

clear vmps statistics

Clears the statistics maintained by the VLAN Query Protocol (VQP) client.

clear vtp counters

Clears the VLAN Trunk Protocol (VTP) counters.

cluster setup

Automatically builds a cluster.

copy tftp

Downloads a new Flash image for the ATM module.

delete

Deletes a file from the file system.

rcommand

Executes commands on a cluster member from the command switch.

session

Logs into an ATM module.

show cgmp

Displays the current state of the CGMP-learned multicast groups and routers.

show file system

Shows information about local and remote file systems.

show interface

Displays the administrative and operational status of a switching (nonrouting) port.

show mac-address-table

Displays the MAC address table.

show port block

Displays the blocking of unicast and multicast filtering for the port.

show port group

Displays the ports that are assigned to groups.

show port monitor

Displays the ports that have port monitoring enabled.

show port network

Displays the network ports on the switch.

show port security

Displays the ports that have port security enabled.

show port storm-control

Displays the setting of broadcast-storm control.

show tacacs

Displays various T+ server statistics.

show vmps

Displays the VQP version, reconfirmation interval, retry count, server IP addresses, and current and primary servers.

show vmps statistics

Displays the VQP client-side statistics.

vlan database

Enters VLAN database mode.

vmps reconfirm

Sends VQP queries to reconfirm all dynamic VLAN assignments with the VLAN Membership Policy Server (VMPS).

Global configuration mode

cgmp

Enables CGMP.

cluster member

Adds members to the cluster.

cluster enable

Turns on the cluster command feature for a device.

cluster commander-address

Adds a switch to the cluster. Only the command switch uses this command.

enable last-resort

Specifies what happens if the TACACS and Extended TACACS servers used by the enable command do not respond.

enable use-tacacs

Enables the use of TACACS to determine whether a user can access the privileged command level.

interface

Selects an interface to configure.

mac-address-table aging-time

Sets the length of time that a dynamic entry remains in the address table.

mac-address-table dynamic

Adds a dynamic address entry to the address table.

mac-address-table secure

Adds a secure address entry to the address table.

mac-address-table static

Adds a static address entry to the address table.

ntp access-group

Controls access to the system's NTP services.

ntp authenticate

Enables NTP authentication.

ntp authentication-key

Defines an authentication key for NTP.

ntp broadcastdelay

Sets the estimated round-trip delay between the Cisco IOS software and an NTP broadcast server.

ntp clock-period

Determines the clock error.

ntp max-associations

Sets the maximum number of NTP associations that are allowed on a server.

ntp peer

Configures the router's system clock to synchronize a peer or to be synchronized by a peer.

ntp server

Allows the router's system clock to be synchronized by a time server.

ntp source

Uses a particular source address in NTP packets.

ntp trusted-key

Authenticates the identity of a system to which NTP will synchronize.

shutdown vlan

Shuts down local traffic on the specified VLAN.

snmp-server enable traps vlan-membership

Enables SNMP notification for VMPS changes.

snmp-server enable traps vtp

Enables SNMP notification for VTP changes.

snmp-server host

Specifies the host that receives SNMP traps.

spanning-tree

Enables an instance of STP.

spanning-tree forward-time

Specifies the forward delay interval for the switch.

spanning-tree hello-time

Specifies the interval between hello Bridge Protocol Data Units (BPDUs).

spanning-tree max-age

Changes the interval the switch waits to receive BPDUs from the root switch.

spanning-tree priority

Configures the bridge priority for the specified spanning-tree instance.

spanning-tree protocol

Defines the type of STP.

spanning-tree uplinkfast

Accelerates the choice of a new root port when a link or switch fails or when STP reconfigures itself.

tacacs-server attempts

Controls the number of login attempts that can be made on a line set up for TACACS, Extended TACACS, or TACACS+ verification.

tacacs-server directed-request

Sends only a username to a specified server when a direct request is issued in association with TACACS, Extended TACACS, and TACACS+.

tacacs-server dns-alias-lookup

Enables IP Domain Name System alias lookup for TACACS+.

tacacs-server extended

Enables an extended TACACS mode.

tacacs-server host

Specifies a TACACS, Extended TACACS, or TACACS+ host.

tacacs-server key

Sets the authentication encryption key used for all TACACS+ communications between the access server and the TACACS+ daemon.

tacacs-server last-resort

Causes the network access server to request the privileged password as verification for TACACS or Extended TACACS or to allow successful login without further input from the user.

tacacs-server login-timeout

Specifies the maximum amount of time in seconds to wait for a TACACs login.

tacacs-server optional-passwords

Specifies that the first TACACS request to a TACACS or Extended TACACS server be made without password verification.

tacacs-server retransmit

Specifies the number of times the Cisco IOS software searches the list of TACACS or Extended TACACS server hosts before giving up.

tacacs-server timeout

Sets the interval that the server waits for a TACACS, Extended TACACS, or TACACS+ server to reply.

vmps reconfirm

Changes the reconfirmation interval for the VQP client.

vmps retry

Configures the per-server retry count for the VQP client.

vmps server

Configures the primary VMPS and up to three secondary servers.

vtp file

Modify the VTP configuration storage filename.

VLAN database mode

abort

Abandons the proposed new VLAN database, and return to privileged EXEC mode.

apply

Implements the proposed new VLAN database, propagate it throughout the administrative domain, and remain in VLAN database mode.

exit

Implements the proposed new VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.

reset

Abandons the proposed new VLAN database, and remain in VLAN database mode.

show changes

Displays the differences between the currently implemented VLAN database on the switch and the proposed new VLAN database.

show current

Displays the currently implemented VLAN database on the switch or a single selected VLAN from it.

show proposed

Displays the proposed new VLAN database or a single selected VLAN from it.

vlan

Configures a VLAN by its VLAN ID.

vtp

Configures the VTP mode.

vtp domain

Configures the VTP administrative domain.

vtp password

Configures the VTP password.

vtp pruning

Enables pruning in the VTP administrative domain.

vtp v2-mode

Enables VTP version 2 mode in the administrative domain.

Interface configuration mode

duplex

Specifies the duplex mode of operation for a port.

flowcontrol

Controls traffic rates during congestion.

ntp broadcast client

Allows the system to receive NTP broadcast packets on an interface.

ntp broadcast destination

Configures an NTP server or peer to restrict broadcast of NTP frames to the IP address of a designated client or a peer.

ntp broadcast key

Configures an NTP server or peer to broadcast NTP frames with the authentication key embedded into the NTP packet.

ntp broadcast version

Specifies an interface to send NTP broadcast packets.

ntp disable

Prevents an interface from receiving NTP packets.

ip address

Sets a primary or secondary IP address of a port.

port block

Prevents the flooding of unknown destination MAC addresses and multicast addresses on this port.

port group

Places a port into a port aggregation group.

port monitor

Implements port monitoring on this port.

port network

Enables a port as the network port for a VLAN.

port security

Enables port security on a port.

port storm-control

Disables broadcast traffic if too many broadcast packets are seen on this port.

shutdown

Disables a port.

spanning-tree cost

Sets a different path cost.

spanning-tree portfast

Enables the Port Fast option on the switch.

spanning-tree port-priority

Configures the STP priority of a port.

speed

Specifies the speed of a port.

switchport access

Configures a port as an access or dynamic VLAN port.

switchport mode

Configures the VLAN membership mode of a port.

switchport multi

Configures a port to be a multi-VLAN port.

switchport trunk allowed vlan

Controls which VLANs can receive and transmit traffic on the trunk.

switchport trunk encapsulation

Sets the encapsulation format on the trunk.

switchport trunk native

Sets the native VLAN for untagged traffic when in IEEE 802.1Q trunking mode.

Line configuration mode

login authentication

Applies the authentication list to a line or set of lines.

login local

Changes a login username.

login tacacs

Configures your switch to use TACACS user authentication.

**Table 1-2: Command Summary**
Commands	Description
User EXEC mode
	clear mac-address-table	Deletes all addresses in the MAC address table.
	show cluster	Shows a summary of the cluster to which the switch belongs.
	show cluster candidates	Shows switches that are not currently members of the cluster but could be.
	show cluster members	Shows all members in a cluster
	show cluster view	Shows a view of neighbors in a cluster.
	show ntp associations	Shows the status of NTP associations
	show ntp status	Shows the status of NTP.
	show spanning-tree	Displays Spanning-Tree Protocol (STP) information.
	show vlan	Displays information about a VLAN.
	show version	Show the firmware version for the switch or module.
	show vtp	Displays general information about the VTP management domain, status, and counters.
Privileged EXEC mode
	clear cgmp	Deletes the multicast addresses and router ports maintained by Cisco Group Management Protocol (CGMP).
	clear ip address	Deletes the IP address without disabling the IP processing.
	clear mac-address-table	Deletes all addresses in the MAC address table.
	clear vmps statistics	Clears the statistics maintained by the VLAN Query Protocol (VQP) client.
	clear vtp counters	Clears the VLAN Trunk Protocol (VTP) counters.
	cluster setup	Automatically builds a cluster.
	copy tftp	Downloads a new Flash image for the ATM module.
	delete	Deletes a file from the file system.
	rcommand	Executes commands on a cluster member from the command switch.
	session	Logs into an ATM module.
	show cgmp	Displays the current state of the CGMP-learned multicast groups and routers.
	show file system	Shows information about local and remote file systems.
	show interface	Displays the administrative and operational status of a switching (nonrouting) port.
	show mac-address-table	Displays the MAC address table.
	show port block	Displays the blocking of unicast and multicast filtering for the port.
	show port group	Displays the ports that are assigned to groups.
	show port monitor	Displays the ports that have port monitoring enabled.
	show port network	Displays the network ports on the switch.
	show port security	Displays the ports that have port security enabled.
	show port storm-control	Displays the setting of broadcast-storm control.
	show tacacs	Displays various T+ server statistics.
	show vmps	Displays the VQP version, reconfirmation interval, retry count, server IP addresses, and current and primary servers.
	show vmps statistics	Displays the VQP client-side statistics.
	vlan database	Enters VLAN database mode.
	vmps reconfirm	Sends VQP queries to reconfirm all dynamic VLAN assignments with the VLAN Membership Policy Server (VMPS).
Global configuration mode
	cgmp	Enables CGMP.
	cluster member	Adds members to the cluster.
	cluster enable	Turns on the cluster command feature for a device.
	cluster commander-address	Adds a switch to the cluster. Only the command switch uses this command.
	enable last-resort	Specifies what happens if the TACACS and Extended TACACS servers used by the enable command do not respond.
	enable use-tacacs	Enables the use of TACACS to determine whether a user can access the privileged command level.
	interface	Selects an interface to configure.
	mac-address-table aging-time	Sets the length of time that a dynamic entry remains in the address table.
	mac-address-table dynamic	Adds a dynamic address entry to the address table.
	mac-address-table secure	Adds a secure address entry to the address table.
	mac-address-table static	Adds a static address entry to the address table.
	ntp access-group	Controls access to the system's NTP services.
	ntp authenticate	Enables NTP authentication.
	ntp authentication-key	Defines an authentication key for NTP.
	ntp broadcastdelay	Sets the estimated round-trip delay between the Cisco IOS software and an NTP broadcast server.
	ntp clock-period	Determines the clock error.
	ntp max-associations	Sets the maximum number of NTP associations that are allowed on a server.
	ntp peer	Configures the router's system clock to synchronize a peer or to be synchronized by a peer.
	ntp server	Allows the router's system clock to be synchronized by a time server.
	ntp source	Uses a particular source address in NTP packets.
	ntp trusted-key	Authenticates the identity of a system to which NTP will synchronize.
	shutdown vlan	Shuts down local traffic on the specified VLAN.
	snmp-server enable traps vlan-membership	Enables SNMP notification for VMPS changes.
	snmp-server enable traps vtp	Enables SNMP notification for VTP changes.
	snmp-server host	Specifies the host that receives SNMP traps.
	spanning-tree	Enables an instance of STP.
	spanning-tree forward-time	Specifies the forward delay interval for the switch.
	spanning-tree hello-time	Specifies the interval between hello Bridge Protocol Data Units (BPDUs).
	spanning-tree max-age	Changes the interval the switch waits to receive BPDUs from the root switch.
	spanning-tree priority	Configures the bridge priority for the specified spanning-tree instance.
	spanning-tree protocol	Defines the type of STP.
	spanning-tree uplinkfast	Accelerates the choice of a new root port when a link or switch fails or when STP reconfigures itself.
	tacacs-server attempts	Controls the number of login attempts that can be made on a line set up for TACACS, Extended TACACS, or TACACS+ verification.
	tacacs-server directed-request	Sends only a username to a specified server when a direct request is issued in association with TACACS, Extended TACACS, and TACACS+.
	tacacs-server dns-alias-lookup	Enables IP Domain Name System alias lookup for TACACS+.
	tacacs-server extended	Enables an extended TACACS mode.
	tacacs-server host	Specifies a TACACS, Extended TACACS, or TACACS+ host.
	tacacs-server key	Sets the authentication encryption key used for all TACACS+ communications between the access server and the TACACS+ daemon.
	tacacs-server last-resort	Causes the network access server to request the privileged password as verification for TACACS or Extended TACACS or to allow successful login without further input from the user.
	tacacs-server login-timeout	Specifies the maximum amount of time in seconds to wait for a TACACs login.
	tacacs-server optional-passwords	Specifies that the first TACACS request to a TACACS or Extended TACACS server be made without password verification.
	tacacs-server retransmit	Specifies the number of times the Cisco IOS software searches the list of TACACS or Extended TACACS server hosts before giving up.
	tacacs-server timeout	Sets the interval that the server waits for a TACACS, Extended TACACS, or TACACS+ server to reply.
	vmps reconfirm	Changes the reconfirmation interval for the VQP client.
	vmps retry	Configures the per-server retry count for the VQP client.
	vmps server	Configures the primary VMPS and up to three secondary servers.
	vtp file	Modify the VTP configuration storage filename.
VLAN database mode
	abort	Abandons the proposed new VLAN database, and return to privileged EXEC mode.
	apply	Implements the proposed new VLAN database, propagate it throughout the administrative domain, and remain in VLAN database mode.
	exit	Implements the proposed new VLAN database, propagate it throughout the administrative domain, and return to privileged EXEC mode.
	reset	Abandons the proposed new VLAN database, and remain in VLAN database mode.
	show changes	Displays the differences between the currently implemented VLAN database on the switch and the proposed new VLAN database.
	show current	Displays the currently implemented VLAN database on the switch or a single selected VLAN from it.
	show proposed	Displays the proposed new VLAN database or a single selected VLAN from it.
	vlan	Configures a VLAN by its VLAN ID.
	vtp	Configures the VTP mode.
	vtp domain	Configures the VTP administrative domain.
	vtp password	Configures the VTP password.
	vtp pruning	Enables pruning in the VTP administrative domain.
	vtp v2-mode	Enables VTP version 2 mode in the administrative domain.
Interface configuration mode
	duplex	Specifies the duplex mode of operation for a port.
	flowcontrol	Controls traffic rates during congestion.
	ntp broadcast client	Allows the system to receive NTP broadcast packets on an interface.
	ntp broadcast destination	Configures an NTP server or peer to restrict broadcast of NTP frames to the IP address of a designated client or a peer.
	ntp broadcast key	Configures an NTP server or peer to broadcast NTP frames with the authentication key embedded into the NTP packet.
	ntp broadcast version	Specifies an interface to send NTP broadcast packets.
	ntp disable	Prevents an interface from receiving NTP packets.
	ip address	Sets a primary or secondary IP address of a port.
	port block	Prevents the flooding of unknown destination MAC addresses and multicast addresses on this port.
	port group	Places a port into a port aggregation group.
	port monitor	Implements port monitoring on this port.
	port network	Enables a port as the network port for a VLAN.
	port security	Enables port security on a port.
	port storm-control	Disables broadcast traffic if too many broadcast packets are seen on this port.
	shutdown	Disables a port.
	spanning-tree cost	Sets a different path cost.
	spanning-tree portfast	Enables the Port Fast option on the switch.
	spanning-tree port-priority	Configures the STP priority of a port.
	speed	Specifies the speed of a port.
	switchport access	Configures a port as an access or dynamic VLAN port.
	switchport mode	Configures the VLAN membership mode of a port.
	switchport multi	Configures a port to be a multi-VLAN port.
	switchport trunk allowed vlan	Controls which VLANs can receive and transmit traffic on the trunk.
	switchport trunk encapsulation	Sets the encapsulation format on the trunk.
	switchport trunk native	Sets the native VLAN for untagged traffic when in IEEE 802.1Q trunking mode.
Line configuration mode
	login authentication	Applies the authentication list to a line or set of lines.
	login local	Changes a login username.
	login tacacs	Configures your switch to use TACACS user authentication.

For detailed command syntax and descriptions, see section entitled "Cisco IOS Commands." For task-oriented configuration steps, see the software configuration documentation that came with the product.

Table of Contents

Using the Command-Line Interface